History |
Configuring and starting Internet Services
[Link]Adding a global signature to outbound messages
Configuring the Internet gateway
The Main tab on the Internet gateway form contains general information about your account and Directory synchronization. In order for the gateway to connect to the server, the name at "Service name" must match the gateway name at "Service account" on the Service tab of the Basic Internet Setup form.
Setting the Internet Services password
You must set the Internet Services gateway password you want to use to log into Internet Services. By default, the password is blank. For security reasons, we recommend you enter a password immediately.
To set the Internet Services gateway password:
1 Click Directory information on the Internet gateway form.
2 Type the password at "Password" on the Gateway Directory Information form.
Configuring the connection schedule
You need to configure the Internet Services connection schedule on the Internet gateway form to specify when your service will automatically connect to your Internet Service Provider (ISP).
You can establish a connection based on time, a connection based on demand, or both.
Establishing a timed schedule
The Time A and Time B Scheduling subtabs control incoming email (POP3) and dialup connectivity based on times.
This is how we set the schedule on Husky Planes:
 Since Husky Planes does business 24 hours a day, 7 days a week, we want to receive Internet email from our ISP using POP3 every day. We chose a 4:00 AM start time so email will be there for early risers and a 1:00 AM stop time for trash collection and administrative tasks when usage would probably be low. Between 1:00 AM and 4:00 AM no email or news is retrieved.
We chose to connect between the start and stop times every hour. If users find they are waiting too long for information, you can increase the interval to repeat the connection. Of course, if there is a great deal of email and news, the individual connections will be long.
On Husky Planes, we don’t need to use the Time B subtab. The Time B subtab performs the same function as the Time A subtab but provides you with more flexibility when setting up your schedule. For example, if you have a connection where you are charged by time, or you don’t want to frequently retrieve email and news during off hours (for example, if you have a continuous connection but don’t want to put extra pressure on your system’s broadband capacity).
Establishing a schedule based on demand
The Demand Scheduling subtab controls connection based on either the number of messages awaiting delivery or users logging in.
On Husky Planes, we selected "Import when user logs in" to retrieve messages and deliver them to users when they connect (or on the hour as set on the Time A subtab). This setting lightens the load on our server, as the messages are stored on the delivering mail server until the user is logged in (or on the hour as set on the Time A subtab).
Between the timed and demand schedules, Husky Planes will retrieve messages every hour or if a user logs in during that hour.
Configuring a dialup connection
Husky Planes has a continuous connection to the Internet. However, if your organization uses a dialup connection (you dial into an Internet Service Provider to send and retrieve email and news) rather than a continuous connection to the Internet, you must configure a dialup connection.
To configure a dialup connection:
1 Select "Intermittent or dialup" on the General tab on the Basic Internet Setup form.
2 Select "Route through one server", on the Routing tab on the Advanced Mail form, and enter the IP address for that server.
3 Install and configure dialup software on the same computer where you have Internet Services installed.
Configure Dial-Up Networking on Windows or a third-party software router (such as the Vicom Internet Gateway) to handle routing of network and IP traffic for dialup connection support on Mac.
4 Set a low time-out value on your dialup software.
5 Enter the information on the Scheduling tab and complete the Demand tab on the Internet gateway form.
This forces a dialup connection based on the number of queued messages for outgoing mail (SMTP).
The schedule you set on the Scheduling tab controls when you connect. The low time-out value you set on your dial-up software controls when that connection is dropped. If you have a set rate for peak hours you can set the Time A subtab for frequent polling (for example, every five minutes). During off hours, where you are charged higher rates, you can set the Time B subtab for less frequent polling (for example, every two hours).
You should configure your Demand tab according to how many messages you want queued before initiating an automatic dialup connection. For example, if you want all urgent messages sent out immediately, set "Urgent messages" to a lower number. If you don’t require all your messages to go out immediately, set "All messages" to a higher number.
Configuring user mail aliases
By default, the FirstClass server does not automatically create mail aliases for delivering inbound mail to your users. In this case, you need to enter aliases manually on each user's User Information Form.
If you want FirstClass to automatically generate mail aliases, you must enable the appropriate options on the Aliases tab on the Advanced Directory form.
Although both the Automatic aliases settings and the Inbound mail addressing settings are on the same form, they do perform different functions.
The Automatic aliases section tells the server what (if any) aliases to generate. Once the server creates the requested aliases, it passes them to Internet Services exactly the same way as if they had been manually entered in the User Information Form. The options in the Automatic aliases section are a convenience to save you from having to manually enter user aliases.
The Inbound mail addressing section controls how Internet Services and the server handle messages that arrive with an alias that Internet Services can't identify. "Allow Short Forms" and "Exact Match Only" force Internet Services to pass any message with an unknown recipient address to the server to process. With the first option, the server checks to see if there are any short forms of a user's name in the FirstClass Directory and to reject unknown addresses. With the second option, the server checks for an exact match as entered on a User Information Form and to reject unknown addresses. Both options put more load on the server, as it has to process each message and they also open up your system to more potential junk mail.
"Aliases Only" tells Internet Services to look up an alias in the Internet Services table and make a decision based on those entries instead of passing the message to the server for processing. If an alias is not found, Internet Services sends it right back to the sender without using any further system resources. If an alias is found, Internet Services sends the message directly to the user's Mailbox.
For most standard FirstClass sites, we recommend choosing "Aliases Only". This is the safest and most easily controlled option, as only messages addressed to users with specifically configured aliases, or those that you've entered manually, will pass to the user. In some rare cases, mostly for very large sites, you may need to choose the "Exact Match Only" option. This allows you to have aliases without putting too great a load on Internet Services. The most dangerous choice is "Allow Short Forms", since it provides more combinations of names to pass through to the server and opens your users up to a greater chance of receiving junk mail. This setting is mainly for backwards compatibility and not recommended for most sites.
These are some possible scenarios:
Scenario 1
If you select any option in the Automatic aliases section and "Aliases Only" in the Inbound mail addressing section, with no aliases manually entered on the User Information Form, your users would only receive mail addressed to the specified alias choice. For example, if we selected "Use first initial and last name as aliases" on Husky Planes, Roy Allen's aliases would be rallen@huskyplanes.com.
Choosing "Aliases Only" puts no extra load on the server and choosing any option (except for the first option) won't attract extra spam, as there is only one possible alias for a user.
Scenario 2
If you select any option in the Automatic aliases section and "Aliases Only" in the Inbound mail addressing section, but also manually enter aliases on the User Information Form, your users would only receive mail to their unique aliases you've manually entered. For example, if we selected "Use first name and last initial as aliases" on Husky Planes but also entered "royboy" in the "Mail aliases" field on his User Information Form, Roy Allen would only get mail addressed to royboy@huskyplanes.com. Manual aliases always override any other options.
Choosing "Aliases Only" puts no extra load on the server and choosing any option (except for the first option) won't attract extra spam, as there is only one possible alias for a user. However, you can provide unique aliases to those users on your system who need them.
Scenario 3
If you select both "Do not create automatic aliases" in the Automatic aliases section and "Exact Match Only" in the Inbound mail addressing section, your users would only receive mail addressed to firstname_lastname@yoursite.com or firstname_initial_lastname, as they appear on the User Information Form. For example, if we had this configuration on Husky Planes, Roy Allen's aliases would be
Choosing "Exact Match Only" puts extra load on the server, as Internet Services has to pass all messages with unknown addresses to the server to process, which may include junk mail. Unless there is a good reason to use this configuration, we recommend it less than the first two scenarios.
Scenario 4
 NoteThis is an extreme case and rarely used on most sites.
If you want to completely stop your users from receiving mail altogether, you would have this configuration:
• select "Do not create automatic aliases"
• choose "Aliases Only" from the Inbound mail addressing options
• clear "Mail aliases" on the User Information Form.
Adding a global signature to outbound messages
You can configure Internet Services to append global signature content, such as a disclaimer announcement. The content is appended to all outgoing SMTP messages. The text can be either plain or styled, and you can embed pictures. You can also attach a file, which attaches this file to the outgoing email.
To add global signature content:
1 Open Internet Services/Global Signature on the administrator's Desktop.
If a Global Signature document does not yet exist in Internet Services, create one.
2 Enter your global signature content.
Using the inetsvcs.cf file for additional configuration
The inetsvcs.cf file is located in the same folder as the Internet Services executable file and is used to set logging and infrequently changed settings that aren't controlled by any Internet Services form.
The logging aspects of this file are described in "Monitoring Internet Services".
The settings below are specified in the [Config] section of this file.
Signals
Mac and Linux versions of Internet Services support a set of signals that can be sent to the Internet Services process, which triggers certain commands. The list of handled signals is output in response to starting fcisd with the --help argument, along with the default actions:
The above actions can be redefined with entries in the inetsvcs.cf file, in the Config section, using the following keywords:
SET_SIGUSR1
SET_SIGUSR2
SET_SIGINFO
SET_SIGVTALRM
The value for each of these keywords is a list of one or more command numbers, separated by commas, surrounding by double quotes. The command numbers are the same as those that would be supplied to the FCPUTIL command:
For example, to display the kernel task list, followed by the kernel statistics when the USR1 signal is received, add this to the inetsvcs.cf file:
SET_SIGUSR1 = "1102, 1103"
POP sucking
The following parameters control POP sucking and the IMAP importer. This can improve reliability when sucking large mailboxes:
If you set POP3 limits on the Basic Internet Setup form, the limits set there override the limits set in inetsvcs.cf.
SSL security
The SET_SSLCipherSuite parameter overrides the default SSL cipher suite to provide enhanced SSL security in order to pass stricter security audits. This is done by configuring the OpenSSL library to disable lower-security ciphers by means of a string that describes which sets of ciphers to enable or disable.
This string can't enable ciphers that aren't enabled by the configured build of OpenSSL included in Internet Services. It can only disable them. In addition, the "Disabled versions" SSL checkboxes on, for example, the Advanced Web & File and Advanced Mail forms override this setting.
The following string should work for most sites:
SET_SSLCipherSuite = "-ALL:+HIGH:+MEDIUM"
For sites requiring the use of only the highest encryption ciphers, use this string:
SET_SSLCipherSuite = "-ALL:+HIGH"
For complete documentation on string format, see http://httpd.apache.org/docs/2.0/mod/mod_ssl.html#sslciphersuite.
Worker threads
The following parameters control worker thread options:
Mobile push notifications
You can disable push notification services for individual mobile platforms with these keywords:
SET_DisableApplePNS = 1
SET_DisableBlackBerryPNS = 1
SET_DisableWinPhonePNS = 1
SET_DisableAndroidPNS = 1
You can override the Google push notification API key and GCM Sender ID using:
GoogleAPIKey = "API key string"
GoogleCMSenderID = "sender ID string"
Starting Internet Services
There are several ways you can start Internet Services after you have finished your configuration:
• manually by double-clicking the Internet Services executable located on your hard drive in the same location as the FirstClass server executable. This file is called fcintsrv.exe (Windows) or fcisd (when running as a Unix daemon)
You can also double-click the FirstClass Internet Services shortcut (Windows) or the Internet Services Start (Mac, Linux) alias on your operating system's desktop.
• run Internet Services as a Windows service
The module will launch automatically upon Windows startup.
• automatically, when you start your server by enabling the option on the General tab of the Basic Internet Setup form (both the server and Internet Services must reside on the same machine)
 WarningIf both the server and Internet Services are on the same machine, and you have Internet Services running as a Windows service, do not select the "Start Internet Services automatically" option, as enabling both will result in two copies of Internet Services being started.
Internet Services writes output (activity and error messages) to standard output. If it is started in a command window (Windows), log output is also displayed there. If it is running in a terminal window (Mac, Linux), only standard error messages are displayed in that window.
Checking your configuration
After you have started Internet Services, log into the Internet Services account to verify that your configuration settings are what you expected.
To log into the Internet Services account, use the inetsvcs.fc settings file located in the same folder as the Internet Services executable. Don't change the user ID (1000000000) on the Login screen.
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||